7668 matches found
RICOH Streamline NX vulnerable to tampering with operation history
Overview: RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability: Use of Less Trusted Source (CWE-348) - CVE-2025-58422. Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...
CVE-2025-8360

creationtimestamp | type | source
---|---|---
2025-09-06 03:55:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ly5bqrzzxc2r...

CVE-2025-58628

creationtimestamp | type | source
---|---|---
2025-09-05 18:11:14+00:00 | seen | https://t.me/canyoupwnme/6896
2025-09-05 19:02:30+00:00 | seen | https://t.me/canyoupwnme/6902
2025-09-05 19:20:36+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ly4exru4kp2g
2025-09-06 10:31:31+00:00 | seen | ...

Ubuntu 14.04 LTS / 16.04 LTS : KDE PIM vulnerabilities (USN-7729-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7729-1 advisory. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk...
Linux Distros Unpatched Vulnerability : CVE-2016-7152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote...
CVE-2025-52494
AdaCore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
SUSE SLES15 Security Update : netty (SUSE-SU-2025:03021-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03021-1 advisory. - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Tenable has extracted the preceding descripti...
CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CVE-2025-47909
The CVE-2025-47909 entry describes a CSRF vulnerability in gorilla/csrf related to how TrustedOrigins can permit both HTTP and HTTPS origins. Affected component: gorilla/csrf (Go web middleware). Root cause: Origin/Trust logic allows a host listed in TrustedOrigins to bypass same-origin checks, e...
PT-2025-35244
Name of the Vulnerable Software and Affected Versions: Go (affected versions not specified). Description: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, potentially enabling network attackers to perform Cross-Site Request Forgery (CSRF) attacks. Following...
Malicious code in https-proxy-utils (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in easy-https (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41670 Malicious code in easy-https (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2025-55616

creationtimestamp | type | source
---|---|---
2025-08-27 13:42:21+00:00 | seen | https://gist.github.com/livepwn/54d5829ae0a89d7a42a9c69ef8bb4a26
2025-10-05 14:37:04+00:00 | seen | https://sploitus.com/exploit?id=DC1E571F-0A31-5CD6-AF19-CF3299EADB59&utmsource=rss&utmmedium=rss
2025-10-05 14:37:04+00:00...

GHSA-V6H2-P8H4-QCJW

creationtimestamp | type | source
---|---|---
2025-08-27 13:18:08+00:00 | seen | https://gist.github.com/bsudek/980cc636266f98d8f7765e1c27dff049...

CVE-2025-9526

creationtimestamp | type | source
---|---|---
2025-08-27 13:09:13+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115100886714680020...

Linux Distros Unpatched Vulnerability : CVE-2025-30194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illega...
Server-side Request Forgery (SSRF)
Overview: request-filtering-agent is an https.Agent implementation that blocks requests to private IP addresses. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HTTPS request handling process. An attacker can access internal services by sending specially...
CVE-2025-57814 request-filtering-agent SSRF Bypass via HTTPS Requests
request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...